The document discusses building a lightweight Docker container for Perl by starting with a minimal base image like BusyBox, copying just the Perl installation and necessary shared libraries into the container, and setting Perl as the default command to avoid including unnecessary dependencies and tools from a full Linux distribution. It provides examples of Dockerfiles to build optimized Perl containers from Gentoo and by directly importing a tarball for minimal size and easy distribution.
Logical Volume Management ("LVM") on linux looks like a complicated mess at first. The basics are not all that hard, and some features like mirroring, dynamic space management, snapshots for stable backups, mirroring, and over-provisioning via thin volumes can save a lot of time and effort.
Getting instantly up and running with Docker and SymfonyAndré Rømcke
A look into how you can start to use Docker today with ready made setup with php7, nginx, redis, blackfire and so on. How you may extend it, and integrating it into your continuous integration workflow, and how you can setup a continuous deployment workflow using for instance Travis-CI.
Quicklink: https://legacy.joind.in/19070
Ansible overview, architecture and concepts.
What is deploy? And how to deploying Symfony2 app with Ansible.
Thanks for http://www.slideshare.net/ramondelafuente/ansible-projectdeploy/.
Logical Volume Management ("LVM") on linux looks like a complicated mess at first. The basics are not all that hard, and some features like mirroring, dynamic space management, snapshots for stable backups, mirroring, and over-provisioning via thin volumes can save a lot of time and effort.
Getting instantly up and running with Docker and SymfonyAndré Rømcke
A look into how you can start to use Docker today with ready made setup with php7, nginx, redis, blackfire and so on. How you may extend it, and integrating it into your continuous integration workflow, and how you can setup a continuous deployment workflow using for instance Travis-CI.
Quicklink: https://legacy.joind.in/19070
Ansible overview, architecture and concepts.
What is deploy? And how to deploying Symfony2 app with Ansible.
Thanks for http://www.slideshare.net/ramondelafuente/ansible-projectdeploy/.
Dockerizing Symfony2 application. Why Docker is so cool And what is Docker? And what are Containers? How they works? What are the ecosystem of Docker? And how to dockerize your web application (can be based on Symfony2 framework)?
Raphaël Pinson's talk on "Configuration surgery with Augeas" at PuppetCamp Geneva '12. Video at http://youtu.be/H0MJaIv4bgk
Learn more: www.puppetlabs.com
DCSF19 Tips and Tricks of the Docker Captains Docker, Inc.
Brandon Mitchell, BoxBoat
Docker Captain Brandon Mitchell will help you accelerate your adoption of Docker containers by delivering tips and tricks on getting the most out of Docker. Topics include managing disk usage, preventing subnet collisions, debugging container networking, understanding image layers, getting more value out of the default volume driver, and solving the UID/GID permission issues with volumes in a way that allows images to be portable from any developer laptop and to production.
Streamline your development environment with dockerGiacomo Bagnoli
These days applications are getting more and more complex. It's becoming quite
difficult to keep track of all the different components an application needs in order to
function (a database, a message queueing system, a web server, a document
store, a search engine, you name it.). How many times we heard 'it worked on my
machine'?. In this talk we are going to explore Docker, what it is, how it works
and how much it can benefit in keeping the development environment consistent.
We are going to talk about Dockerfiles, best practices, tools like fig and vagrant,
and finally show an example of how it applies to a ruby on rails
application.
Cette présentation vous montrera comment utiliser et profiter rapidement de Docker, quelles commandes utiliser et quelles fonctionnalités sont disponibles.
sfPot de Lille - Le 15 janvier 2015
Использование Docker в CI / Александр Акбашев (HERE Technologies)Ontico
РИТ++ 2017, Root Conf
Зал Пекин + Шанхай, 6 июня, 17:00
Тезисы:
http://rootconf.ru/2017/abstracts/2504.html
В своём докладе я расскажу о том, почему мы решили использовать Docker в рамках Continuous Integration: ускорить тесты, повысить стабильность, улучшить контроль над окружением и используемыми библиотеками.
Доклад так же содержит подробности о многих сложностях, с которыми пришлось столкнуться в ходе миграции на Docker: борьба с растущим числом и размером образов, бесконтрольные обновления образов, нестабильное поведение, и другие.
В конце доклада я покажу, как именно мы следим за стабильностью Docker в нашей инфраструктуре. И насколько Docker стабилен на больших объемах (больше 100k билдов в сутки).
Dockerizing Symfony2 application. Why Docker is so cool And what is Docker? And what are Containers? How they works? What are the ecosystem of Docker? And how to dockerize your web application (can be based on Symfony2 framework)?
Raphaël Pinson's talk on "Configuration surgery with Augeas" at PuppetCamp Geneva '12. Video at http://youtu.be/H0MJaIv4bgk
Learn more: www.puppetlabs.com
DCSF19 Tips and Tricks of the Docker Captains Docker, Inc.
Brandon Mitchell, BoxBoat
Docker Captain Brandon Mitchell will help you accelerate your adoption of Docker containers by delivering tips and tricks on getting the most out of Docker. Topics include managing disk usage, preventing subnet collisions, debugging container networking, understanding image layers, getting more value out of the default volume driver, and solving the UID/GID permission issues with volumes in a way that allows images to be portable from any developer laptop and to production.
Streamline your development environment with dockerGiacomo Bagnoli
These days applications are getting more and more complex. It's becoming quite
difficult to keep track of all the different components an application needs in order to
function (a database, a message queueing system, a web server, a document
store, a search engine, you name it.). How many times we heard 'it worked on my
machine'?. In this talk we are going to explore Docker, what it is, how it works
and how much it can benefit in keeping the development environment consistent.
We are going to talk about Dockerfiles, best practices, tools like fig and vagrant,
and finally show an example of how it applies to a ruby on rails
application.
Cette présentation vous montrera comment utiliser et profiter rapidement de Docker, quelles commandes utiliser et quelles fonctionnalités sont disponibles.
sfPot de Lille - Le 15 janvier 2015
Использование Docker в CI / Александр Акбашев (HERE Technologies)Ontico
РИТ++ 2017, Root Conf
Зал Пекин + Шанхай, 6 июня, 17:00
Тезисы:
http://rootconf.ru/2017/abstracts/2504.html
В своём докладе я расскажу о том, почему мы решили использовать Docker в рамках Continuous Integration: ускорить тесты, повысить стабильность, улучшить контроль над окружением и используемыми библиотеками.
Доклад так же содержит подробности о многих сложностях, с которыми пришлось столкнуться в ходе миграции на Docker: борьба с растущим числом и размером образов, бесконтрольные обновления образов, нестабильное поведение, и другие.
В конце доклада я покажу, как именно мы следим за стабильностью Docker в нашей инфраструктуре. И насколько Docker стабилен на больших объемах (больше 100k билдов в сутки).
From Arm to Z: Building, Shipping, and Running a Multi-platform Docker Swarm ...Docker, Inc.
We live in a multi-platform world, and who doesn't want their project to run on all of them? The last few DockerCon events have covered the introduction of multi-platform image capabilities into the Docker registry and engine releases. Now it's time to put these features to good use building applications across architectures and running them all in a heterogeneous Docker Swarm! In this talk we'll cover the new `docker manifest` command for making multi-architecture images; how to emulate architectures in docker containers on your own machine; and give a live demonstration of these capabilities with a Docker Swarm consisting of workers of different CPU architectures, including armhf, ppc64le, s390x, and x86_64. We'll also share some pointers for making sure your project is multi-platform ready! Three Takeaways: 1. Attendees will be introduced to manifest lists and how to create multi-arch images using the new 'docker manifest' command. 2. Attendees will learn how to easily create and deploy a basic multi-arch service using multi-platform images. 3. Bonus: Attendees will learn how to run non-native docker containers on their systems.
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...Puppet
Here are the slides from David Lutterkort's PuppetConf 2016 presentation called The Challenges with Container Configuration. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
Introducing containers into your infrastructure brings new capabilities, but also new challenges, in particular around configuration. This talk will take a look under the hood at some of those operational challenges including:
* The difference between runtime and build-time configuration, and the importance of relating the two together.
* Configuration drift, immutable mental models and mutable container file systems.
* Who configures the orchestrators?
* Emergent vs. model driven configuration.
In the process we will identify some common problems and talk about potential solutions.
Talk from PuppetConf 2016
Docker - from development to production (PHPNW 2017-09-05)Toby Griffiths
Whether you've heard about Docker or not, it's recent explosion into the development community makes it something that's difficult to ignore.
In this talk I'll cover how to get up and running with Docker for development.
Slides for my talk at the Blue4IT meeting in Utrecht. It shows you how to run everything in a Docker container. You can run the DTAP environment, the build environment and the development environment (including IDE) in Docker.
DCEU 18: Tips and Tricks of the Docker CaptainsDocker, Inc.
Brandon Mitchell - Solutions Architect, BoxBoat
Docker Captain Brandon Mitchell will help you accelerate your adoption of Docker containers by delivering tips and tricks on getting the most out of Docker. Topics include managing disk usage, preventing subnet collisions, debugging container networking, understanding image layers, getting more value out of the default volume driver, and solving the UID/GID permission issues with volumes in a way that allows images to be portable from any developer laptop and to production.
The Dockerfile Explosion and the Need for Higher Level Tools by Gareth RushgroveDocker, Inc.
Dockerfiles are great. They provide a zero-barrier-to-entry format for
describing a single Docker image which is immediately clear to anyone
reading them. But with that simplicity comes problems that become
apparent as your adoption of Docker gathers pace.
* Dockerfiles can inherit from other docker images, but images are not
Dockerfiles
* Dockerfile provides no built-in mechanism for creating abstractions,
so as usage grows identical or similar instructions can be duplicated
across many files
* The Docker APi exposes a build endpoint, but the API is very course,
taking Dockerfile as the transport rather than exposing the individual
instructions
* Dockerfiles are just that, files. So they can come from anywhere
The one layer per line in a Dockerfile limitation can lead to an
explosion of layers, which fail to take advantage of the promised
space and performance benefits.
With all of the focus on OOP and frameworks, sometimes the utilities get ignored. These modules provide us with lightweight, simple, effective solutions to everyday problems, saving us all from reinventing the wheel. This talk looks at a several of the utilities and shows some of the less common ways they can save a lot of time.
Nonparametric statistics show up in all sorts of places with fuzzy, ranked, or labeled data. The techniques allow handling messy data with more robust results than assuming normality. This talk describes the basics of nonparametric analysis and shows some examples with the Kolomogrov-Smirnov test, one of the most commonly used.
The $path to knowledge: What little it take to unit-test Perl.Workhorse Computing
Metadata-driven lazyness, Perl, and Jenkins provide a nice mix for automated testing. With Perl the only thing required to start testing is a files path, from there the possibilities are endless. Using Symbol's qualify_to_ref makes it easy to validate @EXPORT & @EXPORT_OK, knowing the path makes it easy to use "perl -wc" to get diagnostics.
The beautiful thing is all of it can be lazy... er, "automated". And repeatable. And simple.
perl often doesn't get updated because people don't have a way to know if their current code works with the new one. The problem is that they lack unit tests. This talk describes how simple it is to generate unit tests with Perl and shell, use them to automate solving problems like missing modules, and test a complete code base.
Using a base date, intervals, and ranges makes it easy to generate lookup tables for calendar intervals like annual or quarterly reports. The SQL for generating and searching the tables is made much easier using PG's built in range and interval types and more efficient with GiST indexes.
Face it, backticks are a pain. BASH $() construct provides a simpler, more effective approach. This talk uses examples from automating git branches and command line processing with getopt(1) to show how $() works in shell scripts.
This talk describes refactoring FindBin::libs from Perl5 to Raku: breaking the module up into functional pieces, writing the tests using Raku, testing and releasing the module with mi6.
Starting with the system calll "getrusage", this returns synchronous, process-level information, mainly max RSS used. This talk describes the output from getrusage, the rusage formatting utility in ProcStats, and several examples of using it to examine time and memory use.
Optional first & final outputs to give baseline and total status, differencing avoids extraneous output, and user messages allow arbitrary stat's and tracking content.
The combination makes this nice for tracking both long-lived and shorter, more intensive processing.
Variable interpolation is a standard way to BASH your head. This talk looks at interpolation, eval, ${} handling and "set -vx" to debug basic variable handling.
Performance benchmarks are all too often inaccurate. This talk introduces some things to look for in setting up and running benchmarks to make them effective.
A short description of the W-curve and its application to aligning genomic sequences. This includes a short introduction to the W-curve, example of SQL-based alignment of a crossover, suggestions for further work on its application.
We have all seen repetitive code, maintained by cut+paste, that creates an object, calls a method, checks a return, calls a method, checks a return... all of it difficult to maintain because of its sheer size.
Object::Exercise replaces the pasted loops with data-driven code, the operation controlled by a data structure of methods, arguments, and expected return values. This replaces cut+paste with declarative data.
This talk describes O::E and shows a few ways to apply it for testing the MadMongers' Adventure game.
Perl6 regular expression ("regex") syntax has a number of improvements over the Perl5 syntax. The inclusion of grammars as first-class entities in the language makes many uses of regexes clearer, simpler, and more maintainable. This talk looks at a few improvements in the regex syntax and also at how grammars can help make regex use cleaner and simpler.
Building a Perl5 smoketest environment in Docker using CPAN::Reporter::Smoker. Includes an overview of "smoke testing", shell commands to contstruct a hybrid environment with underlying O/S image and data volumes for /opt, /var/lib/CPAN. This allows maintaining the Perly smoke environemnt without having to rebuild it.
A few general pointers for Perl programmers starting out to write tests using Perl6. This describes a few of the differences in handling arrays vs. hashes, comparing objects, flattening, and value vs. immutable object contents.
This describes a Functional Programming approach to computing AWS Glacier "tree hash" values, hiding the tail-call elimination in Perl5 with a keyword and also shows how to accomplish the same result in Perl6.
This was the talk actually given at YAPC::NA 2016 by Dr. Conway and myself.
Implementing Glacier's Tree Hash using recursive, functional programming in Perl5. With Keyword::Declare we get clean syntax for tail-call elimination. Result is a simple, fast, functional solution.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Docker perl build
1. Thinking inside a box: Dockerizing Perl
Steven Lembark
Workhorse Computing
lembark@wrkhors.com
2. What's on your box?
Pre-compiled perl distros are terrible.
Bulky, slow, with annoying dependencies.
Not what you need...
3. Example: Red Hat Enterprize 7.0
5.16 == “end of life”
Doptimize=O2 g pipe fstack
protectorstrong mtune=generic
Dversion=5.16.3 Dmyhostname=localhost
Dperladmin=root@localhost
Dusethreads Duseithreads
Ubincompat5005
4. Example: Red Hat Enterprize 7.0
5.16 == “end of life”
Not exactly built for speed.
Doptimize=O2 g pipe fstack
protectorstrong mtune=generic
Dversion=5.16.3 Dmyhostname=localhost
Dperladmin=root@localhost
Dusethreads Duseithreads
Ubincompat5005
5. Example: Red Hat Enterprize 7.0
5.16 == “end of life”
Not exactly built for speed.
Thread overhead, even if you don't use them.
Doptimize=O2 g pipe fstack
protectorstrong mtune=generic
Dversion=5.16.3 Dmyhostname=localhost
Dperladmin=root@localhost
Dusethreads Duseithreads
Ubincompat5005
6. Fresh, not frozen
perl for your architecture.
optimized.
only dependencies you use (need).
Q: How?
7. Try it, you'll like it...
Bad approach: virtual machines...
8. Try it, you'll like it...
Bad approach: virtual machines...
and version-dirs...
and recompiling for each distro, architecture...
and symlink hell(2)...
…
10. Tasty alternative: lxc
Essentially an LPAR – we've come full circle.
Use a process to isolate & localize code.
Share the kernel.
Light weight, fast startup, easy to ship.
11. Fly in the soup
Ever try to use lxc?
Let alone finish the manpages?
Kills my appetite.
RTFM
lxc-attach.1
lxc-autostart.1
lxc-cgroup.1
lxc-checkconfig.1
lxc-checkpoint.1
lxc-clone.1
lxc-config.1
lxc-console.1
lxc-create.1
lxc-destroy.1
lxc-device.1
lxc-execute.1
lxc-freeze.1
lxc-info.1
lxc-ls.1
lxc-monitor.1
lxc-snapshot.1
lxc-start-ephemeral.1
lxc-start.1
lxc-stop.1
lxc-top.1
lxc-unfreeze.1
lxc-unshare.1
lxc-user-nic.1
lxc-usernet.5
lxc-usernsexec.1
lxc-wait.1
lxc.7
lxc.conf.5
lxc.container.conf.5
lxc.system.conf.5
12. Docker: MRE for linux
80/20 of lxc:
Layered filesystem + Repository + Command line.
More nutritious than exciting.
Still evolving.
13. Catch: Docker's doc is fattening!
Start with full Ubuntu image.
1.6GiB – Heart attack on a plate!
Includes X11 libs, lvm, mdadm, grub, parted... perl.
14. Q: How can we put docker on a healthy diet?
Start with something lighter-weight underneath?
Keep less of it in the container?
Well... since this is about perl:
15. A: There is more than one way to do it.
Build perl on a light[er] weight O/S.
Single package for perl + shared libs.
Shell tools available for qx{...}.
Still pretty heavy-weight.
16. A: There is more than one way to do it.
Copy perl on top of busybox.
Much leaner cuisine.
Decent collection of shell tools.
Shared lib's as layer or via -v.
17. A: There is more than one way to do it.
Just perl
Minimal for distribution of local perl.
Lacks tools to inspect the build.
18. A: There is more than one way to do it.
Just the application.
No empty calories.
Requires local perl for distributed use.
19. Start by getting docker.
They provide shell code for the basics:
$curl -sL https://get.docker.io/ | sh;
$wget -qO- https://get.docker.io/ | sh;
will do the deed on Fedora, Ubuntu/Debian, or Gentoo.
Avoids issues with apt/yum, not much value with emerge.
Need to validate kernel configs.
20. Be yourself
Don't run as su!
Add your users to “docker” in /etc/group.
After that check that docker is running:
$ docker ps;
Get access to the repository:
$ docker login;
21. Just a taste...
Minimal base container: busybox.
Good for experimenting:
$ docker pull busybox
Pulling repository busybox
fd5373b3d938: Download complete
...
f06b02872d52: Download complete
22. Getting inside the box
/bin/sh is default entrypoint:
$ docker run -t -i busybox;
# <-- su in box, login id out.
# ping 8.8.8.8; <-- network available.
...
# exit; <-- exit docker process
$ <-- original EUID
23. Gentoo is easy to dockerize
Common solution is a “stage-3” system.
Shell + libs + build tools.
Not much else.
About half the size of Ubuntu.
24. Finding a distribution
Start at the docker registry
https://registry.hub.docker.com/
Looking for stage-3 builds:
https://registry.hub.docker.com/search?q=gentoo+stage3
I find:
jgkim/gentoo-stage3 741.2 MB
Reasonable start.
25. Grabbing an O/S
Get the image:
$ docker pull jgkim/gentoo-stage3;
Run a container:
$ docker run –rm -i -t jgkim/gentoo-stage3;
# gcc --version;
gcc 4.8.4 good supports “--arch=native”
26. Building a perl container
Github has templates:
http://github.com/Perl/docker-perl
Dockerfiles like “5.020.000-64bit/Dockerfile”.
git acquires “5.020.0-64bit-optimized” directory.
27. FROM buildpack-deps # parent container
RUN apt-get update && apt-get install -y curl procps # commands to pull perl
RUN mkdir /usr/src/perl
WORKDIR /usr/src/perl # build dir within the container
RUN curl -SL http://www.cpan.org/src/5.0/perl-5.20.0.tar.gz | tar -xz --strip-components=1
RUN ./Configure -Duse64bitall -des
&& make -j$(nproc) && TEST_JOBS=$(nproc) make test_harness
&& make install && make veryclean
WORKDIR /root
CMD ["perl5.20.0","-de0"] # /bin/sh perl5.20.0 -de0
Distro's Dockerfile
29. New Dockerfile
FROM jgkim/gentoo-stage3
MAINTAINER Steven Lembark <lembark@wrkhors.com>
WORKDIR /var/tmp/
RUN wget -O – http://www.cpan.org/src/5.0/perl-5.20.2.tar.gz
| gzip -dc tar | tar xf -;
RUN cd perl-5.20.2 && Configure -de -Dprefix=/opt/perl
-Dman1dir=none -Dman3dir=none
-Doptimize='-O3 -march=native -pipe' ;
RUN make -C perl-5.20.2 all test install distclean;
RUN /opt/perl/bin/h2ph -r -a -l;
CMD [ "/opt/perl/bin/perl", "-d", "-E", "42" ]
30. Building Perl
The build takes input and optional repository tag.
Input is a directory not “Dockerfile”
$ cd /scratch/docker/gentoo+perl;
$ docker build –tag='lembark/perl-gentoo' . ;
Each step in the Dockerfile is an intermediate image.
31. Checking local containers
Intermediate images labeled with “<none>”.
These were from prior tests.
This one didn't finish:
$ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
<none> <none> 5906d8edbb59 10 minutes ago 726.1 MB
<none> <none> 10f5517fcada 23 minutes ago 726.1 MB
<none> <none> 7d328e761704 26 minutes ago 725.5 MB
<none> <none> 88f1e41aaed5 27 minutes ago 725.5 MB
<none> <none> 28052ace7e04 28 minutes ago 725.5 MB
<none> <none> 6f46836220d9 31 minutes ago 725.5 MB
32. $ docker build --rm=false –tag=lembark/gentoo-perl .;
Step 0 : FROM rndevfx/gentoo-stage3-amd64-nomultilib
---> e9d0ce66148c
Step 1 : MAINTAINER Steven Lembark
---> Using cache <-- recycled image
---> 41d5480e49e7
Step 2 : WORKDIR /var/tmp
---> Using cache
---> 010d3d70ced1
...
Step 7 : RUN make all test install; <-- first execution is here.
---> Running in 949c9ddfc2ef
Step 8 : RUN /opt/perl/bin/h2ph -r -a -l;
---> Running in b084569e8fc3
-r and -a options are mutually exclusive
INFO[1342] The command [/bin/sh -c /opt/perl/bin/h2ph -r -a -l;] returned a non-zero code
oops...
37. Welcome to perl
“CMD” gets run with an interactive container:
$ docker run –rm -i -t lembark/gentoo-perl;
Loading DB routines from perl5db.pl version 1.44
Editor support available.
...
main::(-e:1): 0
DB<1> x $^V
v5.20.2
38. Choose your toppings
Default for gentoo run /bin/bash <your command>.
Save typing with:
ENTRYPOINT [ “/opt/perl/bin/perl” ]
CMD [ "-d", "-E", "42" ]
Use –entrypoint='/bin/bash' if perl fails.
39. The next course
Stacked images inherit the ENTRYPOINT:
FROM lembark/gentoo-perl
CMD [ "/path/to/your/program" ]
runs
/opt/perl/bin/perl /path/to/your/program;
40. Test containers stack
Derive tests from the package.
Add ./t to another image.
WORKDIR [ “/path/to/your/code” ]
CMD [ "/opt/perl/bin/prove" ]
Result: no tests in product image:
docker run foo/bar; run application.
docker run foo/bar-test; run base tests.
41. Minimizing virtual size
Cannot remove inter-RUN space.
884.4 MB includes 100MB of /var/tmp/perl-5.20.2.
Avoiding it requires a single RUN.
No caching of intermediate steps.
Final size 787.8 MB.
Best for final construction.
42. Minimal Virtual Size: single "RUN" command
FROM jgkim/gentoo-stage3
MAINTAINER Steven Lembark <lembark@wrkhors.com>
WORKDIR /var/tmp/
# better yet, put this in a shell script and RUN ./build-perl!
RUN wget -O – http://www.cpan.org/src/5.0/perl-5.20.2.tar.gz
| gzip -dc tar | tar xf -
&& cd perl-5.20.2
&& Configure -de -Dprefix=/opt/perl
-Dman1dir=none -Dman3dir=none
-Doptimize='-O3 -march=native -pipe'
&& make all test install distclean
&& cd .. && rm -rf 5.20.2 ;
RUN /opt/perl/bin/h2ph -r -a -l;
ENTRYPOINT [ "/opt/perl/bin/perl" ]
CMD [ "-d", "-E", "42" ]
43. In most cases there is still a better way.
Note: You already have a local O/S.
Q: Why add another one to the container?
A: Because we are all used to virtual machines.
Time to reduce the calories...
44. Copy perl on top of busybox
Build & install into /opt/perl.
/opt/perl/Dockerfile
FROM lembark/busybox_x86
COPY [ “.”, “/opt/perl” ]
ENTRYPOINT [ “/opt/perl/bin/perl” ]
CMD [ , “-d”, “-E”, “0” ]
Check build: docker run –entrypoint='/bin/sh'
45. Nice combination
Useful shell tools for "qx".
/bin/sh in case of broken build.
Smaller package:
REPOSITORY VIRTUAL SIZE
lembark/busybox-perl 67.5 MB
lembark/gentoo-perl 787.8 MB
jgkim/gentoo-stage3 741.2 MB
localhost:5000/lembark/busybox 1.9 MB
46. Local dir with modules
/opt/perl/5.20/Dockerfile for bare copy of perl:
$ docker build –tag='lembark/perl-5.20' /opt/perl/5.20;
FROM /lembark/busybox
MAINTAINER Steven Lembark <lembark@wrkhors.com>
COPY [ ".", "/opt/perl/5.20" ]
WORKDIR /var/tmp
ENTRYPOINT [ "/opt/perl/5.20/bin/perl" ]
CMD [ "-d", "-E", "0" ]
47. Portion control for perl
What if you don't want CPAN::Reporter in Docker?
A: Keep a “docker-perl” install.
Extract stage3 into /scratch/docker-build.
Build perl “chroot /scratch/docker-build”.
Single /opt/perl with vetted modules.
Works for just about anything.
48. Nothing artificial, nothing added
Skip the Dockerfile: import a tarball.
"—change" inserts Dockerfile syntax into image.
cd /opt/perl; find . | cpio -ov -Htar |
docker import –change=”VOLUME /lib64”
--tag=”lembark/perl-5.20.2”;
Minimal base for Plack server.
49. Essential ingredients
Catch, this won't run as-is: since perl needs shared libs.
In my case, from /lib64.
Q: Where to get them without O/S image?
50. One way: Share libs
Run containers with read-only mount of /lib64:
docker run -v /lib64:/lib64:r …
Light-weight.
Fast: No images to ship.
Requires homogeneous lib's for distributed use.
Or "-v /var/tmp/$$:/var/tmp"
51. One way: bundle libs
“ldd” lists shared libs:
COPY them into the image with perl.
Build lib64 image from perl – order doesn't matter.
linux-vdso.so.1 (0x00007ffdfbbcb000)
libperl.so => /opt/perl/5.20/lib/5.20.2/x86_64-linux/CORE/libperl.so
(0x00007f40f8868000)
libnsl.so.1 => /lib64/libnsl.so.1 (0x00007f40f8650000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f40f844c000)
libm.so.6 => /lib64/libm.so.6 (0x00007f40f8153000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f40f7f1c000)
libutil.so.1 => /lib64/libutil.so.1 (0x00007f40f7d19000)
libc.so.6 => /lib64/libc.so.6 (0x00007f40f7981000)
/lib64/ld-linux-x86-64.so.2 (0x00007f40f8c2b000)
52. Zero protein pill
Use "-v" to add /lib4 and /opt/perl.
Image: Single #! script to start the application.
Images are a few KB.
Requires homogenous install of perl, application.
53. One way: static perl
Build perl & modules “--static”.
No hetergenious server issues.
perl image is larger.
Best for tests: no issues with underlying images.
54. Result: portable, optimized, minimal perl.
Static perl with busybox: 68 MB.
Whole lot less than Ubuntu.
Not a virtual machine.
Plack web server FROM this perl.
Viola!, you're up.
55. What did all of this get us?
Mainly an optimized, current perl.
With all [and only] the modules you need.
You also save the overhead of shipping an O/S image.
Faster startup.
Easier updates.
Simpler deployment.
56. Summary
Docker makes lxc approachable.
You don't always need a full O/S distro in the container.
perl on busybox makes a tasty, low-calorie alternative.
Use “-v” to import /lib64 for a full meal.
Even testing gets simpler: derive tests from package.
Say goodby to brewing perl, managing multiple versions.